Serious flaws affect hundreds of millions of connected objects

Forescout security researchers have published a third part entitled “NAME: WRECK” of their “Memoria” research project, which focuses on TCP / IP protocol stack implementations. On the menu, this time, nine flaws found in the DNS modules of four operating systems: VxWorks, Azure RTOS, FreeBSD and Nucleus RTOS.

The last three are certainly the most common. FreeBSD is installed on high performance servers “In millions of IT networks”, including Yahoo and Netflix. Created by Siemens, Nucleus RTOS is used “For decades in industrial devices and connected objects” and has over three billion deployments. And Azure RTOS – formerly ThreadX RTOS – sits in over 6 billion “Systems on a chip, medical devices and printers”.

Advertisement




“If about 1% of the over 10 billion deployments are vulnerable, which is a reasonable assumption, it can be estimated that at least 100 million devices are affected by NAME: WRECK,” emphasize the researchers in their study.

Depending on the situation, these flaws can be used to create denials of service or to execute an arbitrary code remotely. Obviously, the attack surface increases “Dramatically” whether vulnerable DNS clients are exposed on the Internet. Vulnerable implementations in Azure RTOS, Free BSD, and Nucleus RTOS have since been patched. But the update is not necessarily possible, due to the lack of responsiveness of a manufacturer and a particular configuration. Forescout therefore recommends limiting the exposure of vulnerable devices through network segmentation.

Advertisement




Also to discover in video:

Advertisement




These flaws are generally the result of an incorrect interpretation of RFC standards. “DNS is a complex protocol where vulnerable implementations are frequent and these vulnerabilities can often be exploited by external attackers to take control of millions of devices simultaneously”, emphasize the researchers. Of the nine flaws found, five are thus linked to a poor implementation of RFC 1035, which specifies a method for compressing DNS messages.

Source: Forescout

Advertisement




Latest stories

You might also like...